27

I have the following code that is working on Nginx to keep the AWS ELB healthcheck happy.

map $http_user_agent $ignore {
  default 0;
  "ELB-HealthChecker/1.0" 1;
}

server {
  location / {
    if ($ignore) {
      access_log off;
      return 200;
    }
  }
}

I know the 'IF' is best avoided with Nginx and I wanted to ask if someone would know how to recode this without the 'if'?

thankyou

Adam
  • 505
  • 1
  • 6
  • 10

3 Answers3

73

Don't overcomplicate things. Just point your ELB health checks at a special URL just for them.

server {
  location /elb-status {
    access_log off;
    return 200;
  }
}
ceejayoz
  • 32,469
  • 7
  • 81
  • 105
  • thankyou for you reply... can you explain a touch more... currently in the ELB health check I'm pointing it at /index.html. Do you mean point the health checks at say '/elb-status' and the add the above server block? is that it? does the /elb-status url need to exist? thx again – Adam Jun 25 '13 at 00:52
  • worked perfectly when I put /elb-status in the ELB and added the server block above - thankyou so much!!! greatly apprecated – Adam Jun 25 '13 at 00:58
  • Glad I could help! – ceejayoz Jun 25 '13 at 01:26
  • @ceejayoz, that was a clever solution. I spun up an instance that is getting no outside traffic, and one the elb status checks are taken care of, this starts to show up in the log, I think it is the ELB latency checks, any ideas there? 10.244.162.24 - - [26/Dec/2013:06:04:18 +0000] "-" 400 0 "-" "-" – eezis Dec 26 '13 at 06:14
  • 1
    Hmm, I'm gettting `"/usr/share/nginx/html/elb-status" failed (2: No such file or directory)`... any idea why this could be? – Michael Waterfall Jan 24 '14 at 17:47
  • @MichaelWaterfall If you do `curl -I http://localhost/elb-status` from the server, does it give you a 200? – ceejayoz Jan 24 '14 at 18:20
  • @MichaelWaterfall i have seen the same issue and an nginx restart seems to fix, but this is obviously no good when we want to auto scale our instances – Mark Unsworth May 27 '14 at 12:57
  • 1
    Neat solution. – pTK Sep 20 '17 at 08:00
  • Working fine. Does the access log of nginx shows this request ? Not showing up for me. – Sandeep Balagopal May 04 '20 at 16:14
  • 1
    @SandeepBalagopal See that `access_log off` line? – ceejayoz May 04 '20 at 16:19
31

Just to improve on the above answer, which is correct. The following works great:

location /elb-status {
    access_log off;
    return 200 'A-OK!';
    # because default content-type is application/octet-stream,
    # browser will offer to "save the file"...
    # the next line allows you to see it in the browser so you can test 
    add_header Content-Type text/plain;
}
Grant
  • 411
  • 4
  • 2
5

Update: If the user agent validation is necessary,

set $block 1;

# Allow only the *.example.com hosts. 
if ($host ~* '^[a-z0-9]*\.example\.com$') {
   set $block 0;
}

# Allow all the ELB health check agents.
if ($http_user_agent ~* '^ELB-HealthChecker\/.*$') { 
  set $block 0;
}

if ($block = 1) { # block invalid requests
  return 444;
}

# Health check url
location /health {
  return 200 'OK';
  add_header Content-Type text/plain;
}
Babu
  • 151
  • 1
  • 5